Getting Data In

Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
OMohi

How to filter out an IP address that is sending syslogs to Splunk using TCP port 514 as input?

Hi Everyone I need to know whether it is possible to filter out an IP address that is sending syslogs into Splunk us...
by OMohi Path Finder in Getting Data In 10-15-2015
1 1
1
1
kwanx

How to add a new directory to continuously monitor and create a new sourcetype from Splunk Web?

Hello! This most likely is operator error, but not sure; don't seem to be able to do this in one GUI effort. Using:...
by kwanx Explorer in Getting Data In 10-15-2015
0 3
0
3
moha3425

how to analyze pcap files?

hi I am using j3725 standrd for DSRC communications, so I am not using UDP or TCP and I want to analyze the PCAP fil...
by moha3425 New Member in Getting Data In 10-15-2015
0 1
0
1
iherre312

How to configure props.conf for two different log types: bluecoat and bluecoat_sg?

I have a two different props.conf stanzas for two different log types (i.e., bluecoat and bluecoat_proxysg). What is ...
by iherre312 Explorer in Getting Data In 10-15-2015
0 1
0
1
maurelio79

How to modify roles for an LDAP group with the REST API?

Hi guys, Sorry to bother you these days, but it's not so easy work with the REST API without some examples. Now I n...
by maurelio79 Communicator in Getting Data In 10-15-2015
0 1
0
1
kwandtke

Sonicwall 4060 logs

I'd like to use the SYSLOG feature in the Sonicwall 4060 to send the logs to SPLUNK automatically .. currently I'm du...
by kwandtke New Member in Getting Data In 10-15-2015
0 3
0
3
daniel333

Is there a Splunk Segment setting for sourcetype, similar to host_segment=x in inputs.conf?

Splunk 6.3 I am looking at the feature host_segment=x in inputs.conf. And wondering if there is a similar feature fo...
by daniel333 Builder in Getting Data In 10-15-2015
0 1
0
1
edrivera3

Timestamp lookahead questions

Hi I have the following configuration: timestamp format : %c timestamp prefix: Start\sTime:\s+ lookahead: ??? I wan...
by edrivera3 Builder in Getting Data In 10-14-2015
2 4
2
4
szabados

Spotting when a file has been finished indexing?

I have a monitor input, which rarely has new files, and I'd like set up an alert for it. How can I find something abo...
by szabados Communicator in Getting Data In 10-14-2015
0 3
0
3
marcokrueger

Is there a limit on json arrays?

Hi, I import a json-file with a json-object that contains an array with another 50 json-objects. It looks like, that ...
by marcokrueger Path Finder in Getting Data In 10-14-2015
0 1
0
1
a212830

How can I debug a TCP feed on a heavy forwarder?

Hi, I need to debug a tcp feed from a load-balancer, on a server where I don't have root or sudo. Is there a props c...
by a212830 Champion in Getting Data In 10-14-2015
0 7
0
7
daniel_augustyn

Is it better to have Universal Forwarders on each server, or collect logs first in one place, and then forward them to the indexers?

What would be the better solution: deploying Universal Forwarders to each server in the environment or collecting log...
by daniel_augustyn Contributor in Getting Data In 10-14-2015
0 1
0
1
athorat

How to create an alert to trigger an email when a forwarder is stopped on a server?

We have a report which helps us to trigger an alert when the Indexer is down. Is there a way we can monitor if the fo...
by athorat Communicator in Getting Data In 10-14-2015
0 2
0
2
hartfoml

How to filter out a Windows Event Code if the event from a user repeats over a period of time?

I want to capture Windows Event Logs EventCode 4673 when it happens once for each user over a period of one hour. If...
by hartfoml Motivator in Getting Data In 10-14-2015
0 5
0
5
shaharl

Sending rsyslog JSON format

Hello, I have tried today to integrate Splunk with Rsyslog that Contains JSON. The issue is that rsyslog is sending ...
by shaharl Engager in Getting Data In 10-14-2015
0 4
0
4
msbhatmam

Time format for identifying processing rate

I am trying to get some details from my event text which has the record count and also the processing time. I want to...
by msbhatmam New Member in Getting Data In 10-13-2015
0 2
0
2
rruth

On a Linux Splunk Server, how do I ingest Windows CIFS audit files

I have adtlog.evt files I wish to look at from Splunk. How do I do this without using a Windows Splunk server? (I d...
by rruth Engager in Getting Data In 10-13-2015
0 2
0
2
szabados

Monitor input not reading files ?

I'm facing an issue with a monitor input like this: index=myindex disabled=0 sourcetype=mysourcetype crcSalt=salt Th...
by szabados Communicator in Getting Data In 10-13-2015
0 4
0
4
inicholson

splunk-reskit-powershell 401

I'm using splunk-reskit-powershell to access splunk, but running "Connect-Splunk -Credentials $credentials -ComputerN...
by inicholson Engager in Getting Data In 10-13-2015
1 5
1
5
lycollicott

Can I call more than one transform from a props.conf stanza?

[tomcat-logs] TRANSFORMS-null = setnullping TRANSFORMS-rename_source = source_clean-YYYY-MM-DD Is that a legitimate ...
by lycollicott Motivator in Getting Data In 10-13-2015
0 1
0
1
arkadyz1

Getting additional disk space for a fast growing index. What's next?

We have a fast growing index which now has filled 94% of the available space. Our system administrators gave us a new...
by arkadyz1 Builder in Getting Data In 10-13-2015
0 1
0
1
Ed_Alias

How to Not apply cluster-bundle

Hi, i am installing two new indexers for test, as test indexers they have very small disks. As clustermember they...
by Ed_Alias Path Finder in Getting Data In 10-12-2015
0 4
0
4
Norling80

Drop specific event

Hi I have a log that we are indexing, now we want to drop specific events from it by sending it to the nullQueue. ...
by Norling80 Path Finder in Getting Data In 10-12-2015
0 2
0
2
atat23

Line breaking two different time prefixes

Think I may have tried everything in props at this stage, Splunk does not seem to be paying much attention to anythin...
by atat23 Path Finder in Getting Data In 10-12-2015
0 3
0
3
Jochen_1987

Can't index a .csv file?!?

Hey, I tried to index a .csv file several times and I can see the file in "Manager » Data inputs » Files & directori...
by Jochen_1987 Explorer in Getting Data In 10-11-2015
2 11
2
11
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...
Top Solution Authors
View All